{"id":15271,"date":"2025-12-05T07:06:30","date_gmt":"2025-12-05T07:06:30","guid":{"rendered":"https:\/\/newestek.com\/?p=15271"},"modified":"2025-12-05T07:06:30","modified_gmt":"2025-12-05T07:06:30","slug":"15-years-in-zero-trust-remains-elusive-with-ai-rising-to-complicate-the-challenge","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=15271","title":{"rendered":"15 years in, zero trust remains elusive \u2014 with AI rising to complicate the challenge"},"content":{"rendered":"<div>\n<div id=\"remove_no_follow\">\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<section class=\"wp-block-bigbite-multi-title\">\n<div class=\"container\"><\/div>\n<\/section>\n<p>The <a href=\"https:\/\/www.csoonline.com\/article\/564201\/what-is-zero-trust-a-model-for-more-effective-security.html\">zero trust<\/a> approach to cybersecurity access control is more than 15 years old but organizations continue to struggle with its implementation due in large part to fragmented tooling and legacy infrastructure.<\/p>\n<p>A <a href=\"https:\/\/www.csoonline.com\/article\/4048002\/88-of-cisos-struggle-to-implement-zero-trust.html\">recent report from Accenture<\/a> paints a picture of widespread industry struggles in rolling out zero trust technologies, a perspective in line with the experiences of experts and security practitioners quizzed on the topic by CSO.<\/p>\n<p><a href=\"https:\/\/www.csoonline.com\/zero-trust\/\">Zero trust networking<\/a> involves applying a security framework where no user or device is trusted by default. 
Under zero trust, every access attempt is accompanied by authenticating identity and device compliance regardless of whether or not it originates within an organization.<\/p>\n<p>The approach contrasts with traditional \u201ccastle and moat\u201d models where devices within an enterprise network were trusted by default.<\/p>\n<p>Many enterprises have progressed slowly on their <a href=\"https:\/\/www.csoonline.com\/article\/3965399\/security-leaders-shed-light-on-their-zero-trust-journeys.html\">zero trust journeys<\/a> largely because implementation requires a fundamental shift in both mindset and infrastructure. Key roadblocks include:<\/p>\n<ul class=\"wp-block-list\">\n<li>Legacy systems that weren\u2019t designed for zero trust principles,<\/li>\n<li>Fragmented identity and access tools that make unified enforcement difficult, and<\/li>\n<li>Cultural and organizational resistance to changing long-standing trust models.<\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.linkedin.com\/in\/kylewickert\/?originalSubdomain=ca\">Kyle Wickert<\/a>, field CTO at AlgoSec, says zero trust remains one of the most misunderstood transformations in cybersecurity.<\/p>\n<p>\u201cMany organizations still hesitate to pursue it because they associate zero trust with rigid architectures, operational complexity, and high implementation costs,\u201d Wickert says. 
\u201cThat perception is rooted in the legacy days of reassigning IPs, redesigning routing, re-plumbing VLANs, or physically rewiring environments just to enforce segmentation policies.\u201d<\/p>\n<p>The industry-wide shift to software-defined and cloud-driven data centers has lifted legacy challenges while creating new issues in the shape of growing policy and application complexity.<\/p>\n<p>\u201cOne of the biggest obstacles to zero trust at scale is no longer the infrastructure \u2014 it\u2019s the challenge of defining, governing, and maintaining policies that adapt across hybrid networks, spanning on-prem firewalls, cloud-native controls, SDN, SD-WAN, and SASE technologies,\u201d Wickert says. \u201cThe most effective way to overcome these challenges is to shift the focus of segmentation from \u2018devices and subnets\u2019 to applications and their connectivity.\u201d<\/p>\n<p><a href=\"https:\/\/www.linkedin.com\/in\/rickhholland\/\">Richard Holland<\/a>, field CISO at threat-led cybersecurity firm Quorum Cyber, argues that zero trust represents a method to mature an organization\u2019s security health rather than a set of products and services.<\/p>\n<p>\u201cI would argue that the technology to achieve zero trust has been in existence for some time and CISOs and CIOs may have already found themselves on a roadmap without realizing it is zero trust,\u201d Holland says. 
\u201cBy treating zero trust as a journey to improve cybersecurity health, and by taking small bite-size chunks, you can iterate through a series of improvements in relatively quick succession.\u201d<\/p>\n<p>Other cybersecurity experts contend that zero trust migrations offer an opportunity to support more ambitious IT transformation projects.<\/p>\n<p><a href=\"https:\/\/www.linkedin.com\/in\/stephen-fridakis-96184b\/\">Stephen Fridakis<\/a>, CISO in residence at Cyderes, says the shift from network-based rules to identity-based rules inherent in zero trust implementations offers a roadmap to \u201csafer, simpler, and more durable\u201d enterprise architectures.<\/p>\n<p>\u201cIP ranges, VLANs, and physical locations are brittle and age badly, especially with M&amp;A churn and cloud adoption,\u201d Fridakis explains. \u201cIdentity-based access follows the user and device, not the network.\u201d<\/p>\n<p>He adds: \u201cIt eliminates firewall sprawl, reduces engineering overhead, and enforces intent instead of infrastructure.\u201d<\/p>\n<h2 class=\"wp-block-heading\" id=\"wise-up\">Wise up<\/h2>\n<p>University of Texas CISO <a href=\"https:\/\/www.utsystem.edu\/offices\/information-security\/chief-information-security-officer\">George Finney<\/a> has discussed zero trust with hundreds of security leaders. Those conversations have uncovered several common denominators on why zero trust projects fail.<\/p>\n<p>Firstly, internal politics has the potential to derail zero trust implementations. \u201cTechnology in a company is generally operated and supported in silos,\u201d Finney says. 
\u201cThese different areas may not understand the big picture of how much risk a cybersecurity breach could represent and resist change.\u201d<\/p>\n<p>Conversely, in organizations that have successfully shifted to zero trust, \u201cleadership in every area agree that security is a core part of the success of the organization as a whole,\u201d Finney says.<\/p>\n<p>Insufficient education can also act as a barrier preventing the successful rollout of zero trust technologies, according to Finney.<\/p>\n<p>\u201cStarting a zero trust project requires more than just changing the design of a network or modifying some settings in an application,\u201d he says. \u201cEveryone on the team needs to understand what zero trust is, why the organization is doing it, and what role they\u2019ll play in supporting it.\u201d<\/p>\n<p>\u201cThis means that every zero trust project needs to begin with education to help change not just the technology, but the culture of the organization as well,\u201d he adds.<\/p>\n<p><a href=\"https:\/\/www.linkedin.com\/in\/garybrickhouse\/\">Gary Brickhouse<\/a>, CISO at GuidePoint Security, notes that an \u201coverly-complex approach\u201d to zero trust has driven up costs and timelines as organizations pursue overly strict alignment with zero trust principles.<\/p>\n<p>\u201cMost organizations would benefit from a simplified risk-based approach, identifying critical use cases that are achievable and deliver the desired outcome of risk reduction,\u201d Brickhouse says. \u201cEarly wins improving the security of the organization and moving the ZT [zero trust] needle forward builds confidence across the organization.\u201d<\/p>\n<p><a href=\"https:\/\/www.csoonline.com\/\">Rob Forbes<\/a>, CISO at Stratascale, advises security leaders to develop a strategic roadmap before embarking on any zero trust project.<\/p>\n<p>\u201c[CISOs should] start with a comprehensive assessment of their current security posture and assets,\u201d Forbes counsels. 
\u201cNext, develop a roadmap for zero trust implementation, prioritizing critical assets and high-risk areas.\u201d<\/p>\n<p>These steps should be followed by investments in training and tools to support the transition to a zero trust model, which ought to be left open to further refinement as requirements evolve.<\/p>\n<p>\u201c[Companies should] regularly review and update their zero trust strategy to adapt to new threats and technologies,\u201d Forbes adds.<\/p>\n<h2 class=\"wp-block-heading\" id=\"ai-reinforces-zero-trust-paradigm\">AI \u2018reinforces\u2019 zero trust paradigm<\/h2>\n<p>As <a href=\"https:\/\/www.csoonline.com\/article\/4047974\/agentic-ai-a-cisos-security-nightmare-in-the-making.html\">agentic AI<\/a> becomes increasingly embedded in the business, standard zero trust principles must be extended to keep the enterprise secure.<\/p>\n<p>By 2027, growth of AI agents will push 50% of CIOs to restructure and automate identity and data access and authorization management to reduce misuse and leakage as part of a zero trust architecture, according to industry analyst firm IDC.<\/p>\n<p>Security experts call on organizations to implement a new wave of zero trust, extending beyond people and devices to include AI agents. In practice, this means enforcing strict context boundaries, trusted domain controls, and AI-specific security reviews.<\/p>\n<p><a href=\"https:\/\/www.linkedin.com\/in\/john-kindervag-40572b1\/\">John Kindervag<\/a>, chief evangelist officer at Illumio, tells CSO that \u201cAI doesn\u2019t change the zero trust paradigm \u2014 it reinforces it.\u201d<\/p>\n<p>\u201cAI operates within the constraints of cybersecurity\u2019s foundational rules, and attacks only work if there\u2019s an open door,\u201d Kindervag argues.<\/p>\n<p>The bigger risk is from AI models, according to Kindervag.<\/p>\n<p>\u201cAI models can become a liability if not governed by zero trust,\u201d he says. 
\u201cIf an organization doesn\u2019t treat its AI models as protect surfaces, they risk manipulation, poisoning, or theft.\u201d<\/p>\n<p>In most cases, AI supports zero trust implementation.<\/p>\n<p>\u201cGood AI highlights high-risk communication patterns, surfaces unusual behaviour, and accelerates processes like labeling and policy implementation,\u201d Kindervag explains. \u201cAI can help in every step of the zero trust five-step methodology, but it really helps organizations to push beyond resilience into anti-fragility.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>The zero trust approach to cybersecurity access control is more than 15 years old but organizations continue to struggle with its implementation due in large part to fragmented tooling and legacy infrastructure. A recent report from Accenture paints a picture of widespread industry struggles in rolling out zero trust technologies, a perspective in line with the experiences of experts and security practitioners quizzed on the topic&#8230; <\/p>\n<p class=\"more\"><a class=\"more-link\" href=\"https:\/\/newestek.com\/?p=15271\">Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-15271","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light 
is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15271","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=15271"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15271\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=15271"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=15271"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=15271"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}